NotCVE - vendor:"Amd" product:"Ryzen 7 Pro 7730u Firmware"

7 results (0.002 seconds)

CVSS: 8.1EPSS: 0%CPEs: 144EXPL: 0

CVE-2023-20571

https://notcve.org/view.php?id=CVE-2023-20571

14 Nov 2023 — A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Una condición de ejecución en el código de System Management Mode (SMM) puede permitir que un atacante que utilice un espacio de usuario comprometido aproveche CVE-2018-8897, lo que podría generar una escalada de privilegios. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0

CVE-2023-20565

https://notcve.org/view.php?id=CVE-2023-20565

14 Nov 2023 — Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Las protecciones insuficientes en el código del System Management Mode (SMM) pueden permitir que un atacante habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0

CVE-2023-20563

https://notcve.org/view.php?id=CVE-2023-20563

CVSS: 6.6EPSS: 0%CPEs: 122EXPL: 0

CVE-2021-46758

https://notcve.org/view.php?id=CVE-2021-46758

14 Nov 2023 — Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. La validación insuficiente de las direcciones flash SPI en el cargador de arranque ASP (AMD Secure Processor) puede permitir que un atacante lea datos en la memoria asignada más allá de la flash SPI, lo que resulta en una posible pérdida de disponibilidad e integridad. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 •

CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0

CVE-2023-20555

https://notcve.org/view.php?id=CVE-2023-20555

08 Aug 2023 — Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •

CVSS: 7.2EPSS: 0%CPEs: 244EXPL: 0

CVE-2023-20589 – fTPM Voltage Fault Injection

https://notcve.org/view.php?id=CVE-2023-20589

08 Aug 2023 — An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •

CVSS: 5.6EPSS: 0%CPEs: 301EXPL: 1

CVE-2023-20569 – amd: Return Address Predictor vulnerability leading to information disclosure

https://notcve.org/view.php?id=CVE-2023-20569

08 Aug 2023 — A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Una vulnerabilidad de canal lateral en algunas de las CPU de AMD puede permitir que un atacante influya en la predicción de la dirección de retorno. Esto puede dar lugar a una ejecución especulativa en una dirección controlada por el atacante, lo que podría conducir a l... • http://www.openwall.com/lists/oss-security/2023/08/08/4 • CWE-203: Observable Discrepancy •